Toll fraud is an ongoing risk for business customers, where businesses are billed for long distance calls made fraudulently through their business phone system. It is your responsibility to protect your business from toll fraud, by taking the necessary precautions.
Protect your voicemail, your equipment and educate your employees:
Toll fraud is an ongoing risk for business customers, where businesses are billed for long distance calls made fraudulently through their business phone system. It is your responsibility to protect your business from toll fraud, by taking the necessary precautions. Toll or Long Distance Fraud involves experienced fraudsters accessing vulnerable business phones or voicemail equipment via system option prompts that eventually permit the user to place long distance calls. Fraudsters most often call a business after-hours and use its automated answering system to troll for vulnerable mailboxes. Experienced fraudsters sometimes recognize the equipment they are calling by its prompts and know the equipment's default passwords, allowing them access to mailboxes with unchanged passwords (or try guessing at simple passwords such as 1234 and 1111).
It is imperative for you to protect yourself against this type of fraudulent activity by ensuring your voicemail equipment is safeguarded and your employees are educated about password security best practices.
The below security measures are of a general nature and might not protect every aspect of an individual telephone system - you are encouraged to contact your equipment support provider to discuss the unique aspects and vulnerabilities of your telephone equipment in greater detail. Remember that you are responsible for paying for all calls originating from, and charged calls accepted at, your telephone, regardless of who made or accepted them.
If you have general questions about voicemail equipment protection you should contact your equipment support provider.
If you suspect you have been a target of criminal activity, it is your responsibility to contact the local authorities immediately. Bell Aliant will be pleased to co-operate with you and assist in a formal criminal investigation with your consent and at the request of the local authorities.
Industry best practices for protecting your voicemail equipment include:
- Ensuring your employees change the manufacturers' default password immediately upon being assigned a voicemail box, and are trained to change the password frequently thereafter.
- Programming your voicemail system to require passwords with a minimum of 6 characters (8 is preferred - the more complex the password, the more difficult it is to guess).
- Insisting that your employees don’t use easily-guessed passwords such as their phone numbers, local number, or simple number combinations. When assigning a phone to your new employee, never make the temporary password the employee's telephone number.
- Programming your voicemail system to force users to change their password at least every 90 days.
- Validating whether the through-dialing feature is needed, and if not it should be disabled by your equipment support provider. It is a convenience feature that allows you to make long distance calls through your mailbox when you are at an offsite location. However it is the primary enabler of toll fraud on phone systems. If this feature is used, it is important that you generate and monitor through-dialing reports to ensure your mailboxes are not being abused.
- Removing all unassigned mailboxes.